Hi,
Following to my shared talk with krh, danvet and Timothée Ravier @
XDC2012, I have
actually taken the time to start fixing some security holes found in the
graphics stack.
Today, I would like to request your comments on the render node
patchset. Keep in mind that I am
not asking for inclusion. However, I know this patchset works on my
nvidia card and I would like
to know if anyone has anything against this architecture.
## DRM
If I'm not mistaken, the idea originated from airlied which got
simplified later by krh.
Both only provided drm patches.
Here is what I did:
- I took krh's patchset
- rebased it on top on drm 3.7-rc8
- added support for Nouveau
- fixed a few bugs along the way (as stated in the commit logs)
The kernel can be found here:
https://gitorious.org/linux-nouveau-pm/linux-nouveau-pm/commits/render_nodes
The patches will also be sent in reply, to let you comment on specific
parts of the patches.
## Libdrm
Here are the two main goals of this patchset:
- Add a new symbol called drmOpenType that allows to open a specific
type of device (usual node, render node)
- Add a new symbol called drmGetSameDeviceButType to get the path to the
same drm_device but with a different type
The patches are available here: http://cgit.freedesktop.org/~mperes/drm/
## DRI2Proto
What we want here is to let the ddx send the render node instead of the
usual one.
However, authentication is not necessary and not shouldn't be done on a
render node.
This modification to DRI2Proto adds a boolean in the Connection response
to tell the dri2 client
that no authentication is required.
The patches are available here:
http://cgit.freedesktop.org/~mperes/dri2proto/
## XServer
The X-Server is responsible for collecting the DRI2 informations from
the ddx.
In this patch, we provide the way for the ddx to specify whether the
DRI2 client should authenticate or not.
The patches are available here: http://cgit.freedesktop.org/~mperes/xserver/
## xf86-video-nouveau
In this patch, we simply tell the DRI2 extension to use the render node if
available (using drmGetSameDeviceButType), and if it is the case,
we set the "require_authentication" attribute to 0.
The patches are available here:
http://cgit.freedesktop.org/~mperes/xf86-video-nouveau/
## Mesa
In this patch, I simply check whether I should authenticate or not using
the information
from the DRI2 protocol.
The patches are available here: http://cgit.freedesktop.org/~mperes/mesa/
Cheers,
Martin